GuideDevOps
Lesson 4 of 9

Service-to-Service Communication

Part of the Service Mesh tutorial series.

Overview

In a service mesh, services do not talk directly to each other. Each service talks to a "sidecar proxy" (like Envoy), which handles network communication, retries, and security policies on its behalf.

How it Works

  1. Sidecar Injection: A proxy is injected into the Pod along with your application container.
  2. Traffic Interception: All outgoing traffic is redirected through the local proxy.
  3. Control Plane: Manages the configuration of all proxies centrally.

Benefits

  • Transparent: Application code remains network-agnostic.
  • Resilient: Automatic retries and circuit breaking.
  • Secure: mTLS is enforced automatically between proxies.
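
Whether mTLS is actually enforced depends on the policy the control plane pushes to the proxies. The configuration below is an added example, not part of the original lesson. It assumes Istio as the mesh (the lesson names only Envoy), and the namespace "shop" and the workload and service-account names are hypothetical.

```yaml
# Added example. Assumes Istio; "shop", "service-a" and "service-b" are hypothetical names.

# Weak setting, shown commented out for comparison. PERMISSIVE is Istio's
# default: the sidecar accepts mTLS *and* plaintext, so a client without a
# sidecar can still reach the service unencrypted and unauthenticated.
#
# apiVersion: security.istio.io/v1beta1
# kind: PeerAuthentication
# metadata:
#   name: default
#   namespace: istio-system
# spec:
#   mtls:
#     mode: PERMISSIVE
---
# Corrected setting. A PeerAuthentication named "default" in the root
# namespace applies mesh-wide; STRICT makes every sidecar reject plaintext.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# mTLS authenticates the caller; it does not decide who may call whom.
# This policy lets only Service A's workload identity reach Service B.
# Once an ALLOW policy selects a workload, requests matching no rule are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: service-b-allow-service-a
  namespace: shop
spec:
  selector:
    matchLabels:
      app: service-b
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/shop/sa/service-a"]
```

The principal is the identity carried in Service A's mTLS client certificate, so the ALLOW rule only has meaning when STRICT mode guarantees that callers present one.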

Example: Communication Flow

graph LR
    App1[Service A] --> ProxyA[Sidecar Proxy A]
    ProxyA --> |Encrypted mTLS| ProxyB[Sidecar Proxy B]
    ProxyB --> App2[Service B]

Result: Service A reaches Service B securely, even over an unencrypted network.

Connection established via mTLS (TLS 1.3)